package com.jml.防xss和抓包.controller;


import com.jml.防xss和抓包.utils.SignUtil;
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.ResponseBody;
import org.springframework.web.context.request.RequestContextHolder;
import org.springframework.web.context.request.ServletRequestAttributes;

import javax.servlet.http.HttpServletRequest;
import java.util.Map;


@Controller
@SpringBootApplication
public class IndexController {

    /**
     * 获取用户信息
     *
     * @return
     */
    @RequestMapping("/getUserInfo")

    public String getUserInfo(HttpServletRequest request) {
        request.setAttribute("userName", request.getParameter("userName"));
        return "userinfo";
    }

    /**
     * 模拟支付金额
     *
     * @param amount
     * @return
     */
    @RequestMapping("/toPay")
    @ResponseBody
    public String getMeiteUser(Long amount) {
        // 获取当前线程对应的request对象
        HttpServletRequest request =
                ((ServletRequestAttributes) RequestContextHolder.getRequestAttributes()).getRequest();
        Map<String, String[]> parameterMap = request.getParameterMap();
        if (!SignUtil.verifyMap(parameterMap)) {
            return "请求参数有可能发生篡改，验证签名失败";
        }
        return "用户支付金额:" + amount;
    }

    public static void main(String[] args) {
        SpringApplication.run(IndexController.class);
    }
}
